RunCMS system has multiple security vulnerabilities including Blind SQL Injection, Stored XSS, Linked XSS, Image XSS, Predictable session id, Vulnerable password changing algorithm, and many PHP Injections in the Administrator panel.
This code is a proof of concept for a local format string vulnerability in GNU sharutils version 4.2.1. The code exploits the format bugs, buffer overflows, heap and stack holes in the binary. It demonstrates three ways of exploiting the binary, but this code focuses on one method. The code also includes greetings to various individuals and groups.
This exploit allows remote attackers to execute arbitrary commands on vulnerable versions of Oracle Weblogic. The vulnerability is identified by CVE-2019-2729.
The vulnerability allows an attacker to cause a denial of service (DoS) condition by providing specially crafted input to the ZIP Password Recovery software. By creating a file with specific characters and pasting them into the 'Select Your ZIP File' field, the software crashes.
Tomcat proprietaryEvaluate/introspecthelper Sandbox Escape
The PMOS Help Desk version 2.4 and below is vulnerable to remote command execution. The vulnerability exists in the form.php file, where PHP code injection is possible. The code injection occurs in the query at line 49 or 47, allowing an attacker to inject PHP code into the 'options' table. The injected code will be executed by the eval() function in files like index.php. This vulnerability can be exploited to execute arbitrary commands on the server.
This exploit allows an attacker to execute remote code without authentication in the Online Book Store 1.0 application. By uploading a PHP web shell, the attacker can gain control of the target system and execute arbitrary commands.
The AnyDesk service in version 5.4.0 has an unquoted service path vulnerability, which allows an attacker to escalate privileges by placing a malicious executable in a directory higher in the system's path than the legitimate AnyDesk executable.
This exploit allows an attacker to execute arbitrary code remotely on the Job Portal 1.0 application. The attacker can upload a PHP web shell and then execute commands on the target server.
This vulnerability allows an attacker to escalate privileges by exploiting the Core Shell COM Registrar Object in Windows. By leveraging a specific GUID, an attacker can gain elevated privileges on the system.
Services By CQR